Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat: RHSA-2022-5525-01 Moderate: Service Binding Operator DoS

red hat
Calendar Grey July 27, 2022
Dist Redhat Esm H88
Red Hat enhances security measures for the Service Binding Operator, tackling problems with a medium severity classification. Discover further details.
An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.7 + Red Hat Pro...

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Security Fix(es):
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat DoS moderate impact service binding operator

References

https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/building_applications/connecting-applications-to-services#odc-connecting-an-application-to-a-service-using-the-developer-perspective

Package List


Advisory ID: RHSA-2022:5525-01
Product: OpenShift Developer Tools and Services
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5525
Issue date: 2022-07-07

Topic

An update for service-binding-operator-bundle-container andservice-binding-operator-container is now available for OpenShift DeveloperTools and Services for OCP 4.7 +Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat DoS moderate impact service binding operator

Relevant Releases Architectures

Bugs Fixed

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

APPSVC-1133 - Release 1.1.1 version

APPSVC-1135 - Unable to retrieve ClusterWorkloadResourceMapping on Dev Sandbox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here